[j-nsp] BGP problem...
Erdem Sener
erdem.sener at borusantelekom.com
Thu Apr 7 08:13:55 EDT 2005
It seems you're congesting the line and due to BGP update packets (tcp
179)
being dropped you lost your neighborship.
The best would be configuring CoS and dedicating a small amount of
bandwitdh (e.g 5%)
for 'network control' such as bgp updates, OSPF LSA's etc.
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Erol Kahraman
> Sent: Thursday, April 07, 2005 2:31 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] BGP problem...
>
> hi,
> I have a M7i router which is connected to internet via 2Mb
> F/R connection. Everything is ok. But when i make a stress
> test my BGP connection peer send me log as follows.
>
> Apr 7 12:48:20 Router1 rpd[2520]: bgp_traffic_timeout:
> NOTIFICATION sent to x.y.z.t (External AS 21): code 4 (Hold
> Timer Expired Error),
> Reason: holdtime expired for x.y.z.t (External AS 21), socket buffer
> sndcc: 19 rcvcc: 0 TCP state: 4, snd_una: 3435220949 snd_nxt:
> 3435220968 snd_wnd: 16384 rcv_nxt: 1777406639 rcv_adv:
> 1777423023, keepalive timer 0 Apr 7 12:49:02 Router1
> rpd[2520]: x.y.z.t (External AS 21): reseting pending active
> connection
>
> I have flooded an UDP packets to any server in my network
> from external source. I have filter which block that traffic
> but after some time the BGP connection is reseted. After that
> i've wrote a policer like this to limit all traffik to 1,9M
> and exclude BGP packets for the rest 100k bandwith.
> In spide of this my problem is persist. Do some of you have
> experienced problem like this.
>
> PLICER
> if-exceeding {
> bandwidth-limit 1900000;
> burst-size-limit 10k;
> }
> then discard;
>
> FILTER
> term T15 {
> from {
> protocol udp;
> destination-port [ xx ];
> }
> then {
> log;
> reject;
> }
>
> term T30 {
> from {
> address {
> 0.0.0.0/0;
> }
> port-except bgp;
> }
> then {
> policer POLICER1;
> count SAYAC1;
> accept;
> }
>
> INTERFACE
> e1-0/3/0 {
> encapsulation frame-relay;
> lmi {
> lmi-type ansi;
> }
> unit 0 {
> dlci 40;
> family inet {
> filter {
> input FILTER1;
>
>
> --
> Erol KAHRAMAN
> System Network Administrator
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
UYARI/NOTIFICATION:
***************************************************************************
Bu e-posta ve ekleri sadece gonderilen adres sahiplerine aittir. Bu mesajin yanlislikla tarafiniza ulasmis olmasi halinde, lutfen gondericiye derhal bilgi veriniz ve mesaji sisteminizden siliniz. BORUSAN TELEKOM bu mesajin icerigi ve ekleri ile ilgili olarak hukuksal hicbir sorumluluk kabul etmez. Gonderen taraf hata veya unutmalardan sorumluluk kabul etmez.
The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed.If you received this message in error, please immediately notify the sender and delete it from your system.BORUSAN TELEKOM doesn't accept any legal responsibility for the contents and attachments of this message.The sender does not accept liability for any errors or omissions.
***************************************************************************
More information about the juniper-nsp
mailing list